Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/ZjyGTqi0ifGIbnqJhlZhBdTcHgk.roa
File: ZjyGTqi0ifGIbnqJhlZhBdTcHgk.roa (raw, json)
Hash identifier: Y55IgFbatILCIEx/aPby2FYgodUugqIEphVm7ZmEPzU=
Subject key identifier: 66:3C:86:4E:A8:B4:89:F1:88:6E:7A:89:86:56:61:05:D4:DC:1E:09
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2027
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ZjyGTqi0ifGIbnqJhlZhBdTcHgk.roa
Signing time: Mon 02 Jun 2025 21:08:37 +0000
ROA not before: Mon 02 Jun 2025 21:08:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8231 (0x2027)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 21:08:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=663C864EA8B489F1886E7A8986566105D4DC1E09
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:11:e8:5f:ff:08:3b:78:3f:1e:4c:03:82:f5:
74:ee:50:18:e2:8d:32:ae:73:58:93:45:17:e3:6b:
d1:2b:cf:13:86:7e:fa:1c:a3:30:5e:d0:6e:49:3e:
a3:1a:53:4b:c8:1f:d2:24:aa:03:1a:ef:58:ce:b8:
60:02:74:57:b3:e8:6e:a3:0f:89:90:db:59:a1:09:
35:56:53:1a:3c:90:8d:19:f1:9d:bb:63:72:12:0d:
35:1f:f8:4a:12:bf:67:c5:f2:2c:98:eb:98:30:59:
62:0f:4f:06:c0:93:21:6a:e8:83:ff:99:b6:88:6c:
e1:b4:97:4f:e3:87:2e:13:ac:1b:b7:b2:01:0e:2c:
49:38:cc:62:2c:f5:40:94:de:8b:05:45:ed:39:3a:
1c:14:37:b8:90:bf:13:3e:e2:ff:b6:6c:8d:04:67:
26:ed:e4:89:ab:e9:7b:a7:0f:0a:89:b1:46:bf:9f:
24:f3:3d:81:f1:e6:34:e7:d3:2d:2e:a9:6e:16:00:
aa:82:cf:f8:1b:23:30:4e:93:22:fb:07:1a:62:25:
26:cc:0d:06:7c:90:09:96:73:3d:2f:d4:cd:29:38:
5c:5b:5c:ea:38:f2:8a:24:31:54:7e:05:fe:ab:7f:
2e:f6:2b:b1:d7:58:85:f3:05:7d:62:d1:d7:dd:21:
3f:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:3C:86:4E:A8:B4:89:F1:88:6E:7A:89:86:56:61:05:D4:DC:1E:09
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ZjyGTqi0ifGIbnqJhlZhBdTcHgk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
93:eb:a5:06:e5:c8:b7:15:29:35:f1:72:b9:ae:fe:1b:17:4d:
fa:6f:43:80:6e:15:b9:51:99:2f:66:65:9a:80:d8:f2:27:88:
b1:a1:05:57:17:39:9d:23:71:2d:35:51:0c:09:01:20:41:74:
b2:67:bb:51:45:b8:90:55:41:29:6e:61:b5:71:2a:17:e6:fa:
1f:69:af:d3:b3:de:09:4b:6a:9e:a2:3e:76:00:43:ff:29:07:
7b:e2:6d:60:2a:1d:2a:3c:ed:e3:9b:68:90:28:d8:47:36:02:
6e:55:f2:00:d5:9d:3b:91:4d:08:a9:5d:2e:d2:9c:e7:53:97:
93:06:ee:00:88:bd:2f:43:50:b7:b1:c5:1f:12:3c:01:7b:45:
96:fb:1f:28:17:30:4a:e6:36:a7:1a:ce:26:33:de:50:81:86:
77:44:71:4b:a0:11:af:aa:6b:79:79:5f:1c:4e:cf:dc:a0:c8:
30:c1:a5:ff:82:91:a3:47:e4:1f:93:c2:53:d6:16:a1:6c:be:
d4:0c:c5:4c:55:07:eb:8c:d7:d1:9b:04:f9:24:fd:58:ce:0a:
22:2c:68:9d:0d:e6:8c:e4:9f:db:ba:36:07:ea:a0:8e:34:b1:
6d:57:8b:a9:d6:29:3e:99:86:70:b1:96:0e:eb:b7:24:ef:56:
94:43:28:bc
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICICcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIy
MTA4MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY2M0M4NjRFQThCNDg5
RjE4ODZFN0E4OTg2NTY2MTA1RDREQzFFMDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvEehf/wg7eD8eTAOC9XTuUBjijTKuc1iTRRfja9ErzxOGfvoc
ozBe0G5JPqMaU0vIH9IkqgMa71jOuGACdFez6G6jD4mQ21mhCTVWUxo8kI0Z8Z27
Y3ISDTUf+EoSv2fF8iyY65gwWWIPTwbAkyFq6IP/mbaIbOG0l0/jhy4TrBu3sgEO
LEk4zGIs9UCU3osFRe05OhwUN7iQvxM+4v+2bI0EZybt5Imr6XunDwqJsUa/nyTz
PYHx5jTn0y0uqW4WAKqCz/gbIzBOkyL7BxpiJSbMDQZ8kAmWcz0v1M0pOFxbXOo4
8ookMVR+Bf6rfy72K7HXWIXzBX1i0dfdIT9nAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUZjyGTqi0ifGIbnqJhlZhBdTcHgkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWmp5R1RxaTBpZkdJ
Ym5xSmhsWmhCZFRjSGdrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJPrpQblyLcVKTXxcrmu/hsXTfpv
Q4BuFblRmS9mZZqA2PIniLGhBVcXOZ0jcS01UQwJASBBdLJnu1FFuJBVQSluYbVx
Khfm+h9pr9Oz3glLap6iPnYAQ/8pB3vibWAqHSo87eObaJAo2Ec2Am5V8gDVnTuR
TQipXS7SnOdTl5MG7gCIvS9DULexxR8SPAF7RZb7HygXMErmNqcaziYz3lCBhndE
cUugEa+qa3l5XxxOz9ygyDDBpf+CkaNH5B+TwlPWFqFsvtQMxUxVB+uM19GbBPkk
/VjOCiIsaJ0N5ozkn9u6NgfqoI40sW1Xi6nWKT6ZhnCxlg7rtyTvVpRDKLw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:58:38 2025 by rpki-client